There are new AML and financing of crime rules. The Superintendency of Banks has added a chapter titled “Control Standards for Managing the Risks of Money Laundering and Financing of Crime such as Terrorism (ARLAFDT)” in Title IX “Risk Management”, Book I “Control Standards for Public and Private Financial Entities” of the Superintendency’s codified rules[1]. The main provisions of the resolution are:
Scope of Application:
- The standards apply to public and private financial entities supervised by the Superintendency of Banks.
- Branches, agencies, subsidiaries or affiliates of foreign financial entities based in Ecuador must comply with these rules, without prejudice to the application of requirements in the country where the head office is registered.
Managing the risks of money laundering and financing of crime such as terrorism
- The management of these risks must enable the regulated entities to identify, measure, control, mitigate and monitor their exposure to this type of risk.
- Entities must record, organize, classify, and make available information on risk events in order to continually add to and update their money laundering risk matrix.
- To implement risk management, the nature, corporate purpose and other specific characteristics of the regulated entity must be considered.
- It must cover all classes of financial services or products, and all classes of customer.
- It must enable the creation of the following, as a minimum:
- Risk matrix.
- Behavioral and transaction profile of the customer.
- Market segmentation in credit and risk factors.
- Detection of unusual and unjustified operations.
- Risk management must include the following stages as a minimum:
- Identification: based on defined risk factors.
- Measurement or evaluation: must measure the probability of the risk occurring with regards to each risk factor, and the impact if it were to occur.
- Control: must take measures conducive to controlling or mitigating risks and must implement controls for prevention and detection.
- Monitoring: must monitor the risk profile and the overall risk management process.
- Risk management must have the following elements as a minimum:
- Policies
- Organizational structure
- Risk Management Manual
- Procedures and methodology
- Internal and external reports
- Auditing
- Technological infrastructure
- Organizational culture
Provisions for other entities:
- Entities which are part of the social security system and are supervised by the Superintendency of Banks must have a system for managing risk prevention according to the size and complexity of their operations and services.
- Entities in liquidation; financial service entities such as currency exchange, warehouses, corporations for the development of a secondary mortgage market, and ancillary services companies must set up internal AML/CFT control systems by applying due diligence procedures.
Deadline for Implementation
- These regulations must be implemented within 6 months.
[1] Superintendency of Banks Resolution No. SB-2020-0550, published in the Special Edition of Official Gazette No. 738 on July 3, 2020.
Editorial Board
